

Stupid question, but is the service reachable at all? What if you map 81 to 81? Or whichever port the other, confirmed-to-work service uses? What if you map that other service to 8100?
I take my shitposts very seriously.




It’s based on hole punching, but with extras. The clients punch a hole in their respective firewalls, then the service connects the holes so the clients end up communicating directly with each other. They have a lengthy blog post about NAT traversal.


Tailscale. It does some UDP fuckery to bypass NAT and firewalls (most of the time) so you don’t even need to open any ports. You can run it on individual hosts to access them directly, and/or you can set it up on one device to advertise an entire subnet and have the client work like a split tunnel VPN. I don’t know about OpenWRT, but both pfSense and OpnSense have built-in Tailscale plugins.
People are freaking out about their plan to go public, but for the moment, it’s a reliable, high quality service even on the free tier.
I’ve also used Ngrok and Twingate to access my LAN from outside, but they simply use relay servers instead of Tailscale’s black magic fuckery.


Ansible is an abstraction layer over system utilities, shell, and other programs. You can specify what you want to happen, and it will figure out how to do it. For example, you can use the ansible.builtin.package module to specify which packages you want to be present, and Ansible will decide which specific package manager module should handle it and how.
Ansible tasks are also idempotent – they are concerned with the end state instead of the action. Many of the modules (like the package module above) take a state parameter with the possible values of present or absent (instead of the more common “install” and “remove” actions). If the system’s state satisfies the task’s expected end state (e.g. the package is already present), the task will be skipped – unlike a shell script, which would simply re-run the entire script every time.
Ansible also implements strict error checking. If a task fails, it won’t run any subsequent tasks on the host since the end states would be unpredictable.
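
The three behaviours described in the comment above (desired state instead of actions, no change when the state is already satisfied, stop at the first failure), as an added example that is not part of the original comment. It is a toy model in Python, not Ansible's code; `package_task`, `run_play` and the package names are hypothetical.

```python
class TaskFailed(Exception):
    pass

def package_task(name, state):
    """Build a task that converges one package to 'present' or 'absent'."""
    def run(installed, available):
        want = state == "present"
        if (name in installed) == want:
            return "ok"  # end state already satisfied, nothing is touched
        if want and name not in available:
            raise TaskFailed(f"no package named {name}")
        if want:
            installed.add(name)
        else:
            installed.discard(name)
        return "changed"
    run.label = f"{name}={state}"
    return run

def run_play(tasks, installed, available):
    """Run tasks in order on one host; stop at the first failure."""
    results = []
    for task in tasks:
        try:
            results.append((task.label, task(installed, available)))
        except TaskFailed:
            results.append((task.label, "failed"))
            break  # later tasks are not attempted on this host
    return results

if __name__ == "__main__":
    host = {"telnet"}            # constructed starting state
    repo = {"nginx", "curl"}     # constructed package index
    play = [package_task("nginx", "present"), package_task("telnet", "absent")]
    print(run_play(play, host, repo))  # first run changes the host
    print(run_play(play, host, repo))  # second run finds nothing to do
    broken = [package_task("nope", "present"), package_task("curl", "present")]
    print(run_play(broken, host, repo), sorted(host))
```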


That’s unfortunate, I have no idea how Tailscale does routing on Windows. Try running the client without accepting any subnet advertisements.
I’ve also found this: https://tailscale.com/kb/1023/troubleshooting#lan-traffic-prioritization-with-overlapping-subnet-routes The solution might be to advertise a larger subnet (e.g. 192.168.1.0/23) to make the route advertisements on the tailnet less specific than on the LAN. Advertising a larger subnet won’t cause any additional issues because it’s in a private IP range.
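
Why a less specific advertisement changes which route a LAN client uses, as an added example that is not part of the original comment. It assumes a single routing table with longest-prefix matching and an overlay route that wins ties through a lower metric; the interface names and metrics are constructed, and how each Tailscale client actually installs routes is not covered here.

```python
import ipaddress

def net(cidr):
    # strict=False masks host bits: "192.168.1.0/23" is stored as 192.168.0.0/23
    return ipaddress.ip_network(cidr, strict=False)

def pick_route(dest, routes):
    """Return (network, interface) of the winning route, or None.

    routes: list of (cidr, interface, metric). Longest prefix wins;
    among equal prefixes the lowest metric wins.
    """
    addr = ipaddress.ip_address(dest)
    matches = [(net(c), iface, metric) for c, iface, metric in routes
               if addr in net(c)]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[2]))
    return str(best[0]), best[1]

# Constructed routing tables for a client that is physically on the LAN.
LAN = ("192.168.1.0/24", "lan", 25)
SAME_PREFIX = [LAN, ("192.168.1.0/24", "tailscale", 5)]   # assumed: overlay wins the tie
WIDER_PREFIX = [LAN, ("192.168.1.0/23", "tailscale", 5)]

if __name__ == "__main__":
    for name, table in (("same /24", SAME_PREFIX), ("wider /23", WIDER_PREFIX)):
        print(name, "->", pick_route("192.168.1.50", table))
    # Off the LAN only the tailnet route exists, so the subnet stays reachable.
    print("remote ->", pick_route("192.168.1.50", WIDER_PREFIX[1:]))
```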


How did you set up subnet advertisements on the router, and which subnets? Did you touch the ACL in the tailnet’s admin console?
On the home PC, did you accept advertised routes with the Tailscale client?
What happens when you ping a host on the LAN using tailscale ping ADDR? What happens when you try to tracert or tracepath to it?


Perhaps there was an easier lighter-weight way of doing this?
sshuttle does exactly that. It’s basically a VPN that uses SSH tunnelling. If you have a host in the same network as the target machine, and you can SSH into it, sshuttle can route all TCP traffic between you and the target (or a subnet) through the host without having to bind local ports manually.
sshuttle -r ssh_server <hosts/subnets...>







Minio is about to get Redis’d.


I use self-hosted services in the following categories as much as possible…
That question could really use a “not applicable” option. I don’t operate any home automation solutions, so any answer from me would be invalid, and neutral answers because the item is not relevant will appear the same as neutral answers because I use both self-hosted and externally hosted solutions (e.g. Mullvad for privacy and Tailscale to get around CGNAT).


Whichever pocket doesn’t contain the keys.
And the keys go in whichever pocket doesn’t contain my phone.


The minimum spec is whatever e-waste you can find that still powers on.
My home server has an i3-4160, 10 gigabytes of mis-matched RAM, a ten-year-old 240 GB SSD with 36000 hours on it, and three 1 TB hard drives in a RAID5 array each with ~25000 power-on hours. It runs Proxmox on the metal with a virtualized OPNsense, Nextcloud, and Jellyfin server (plus smaller services). Jank levels are high, but not fatal, and it was mostly free.


Eh.
Without the unique boss designs and gameplay mechanics, the world looks and feels like every other Souls, but with more pixels. Not bad, but not strong enough on its own.


Red Dead 2. Law killed my horse in Valentine, so I decided to walk and hitchhike back to Clemens Point. I wrestled a bear, found the plague village, blew up a KKK gathering… just regular old west things.
The early STALKER games are also nice, if you’re into that sort of atmosphere. Nothing beats the feeling of sitting in the rookie village next to the world’s most mediocre guitarist.


Perfectly reasonable to be attracted to physical traits or customs (clothes, hairstyle, body modifications) that are typical for a particular culture or ethnicity.
The problems start when attraction is contingent on belonging to a particular ethnicity.


Stop worrying about the country of origin. It’s a FOSS project. The vast majority of Pop’s components are developed independently of the company, and by citizens of various nations. Applying the “USA bad, so product bad” rhetoric is a seriously shortsighted approach. Consider instead the amount of influence exerted by the company. Does Ubuntu still seem like the better choice just because the company is headquartered in the UK?
Besides, if you really want to cut American software out of your life, start with Linux and GNU. Torvalds was born in Finland, but he is a naturalized US citizen, and Linux is developed on American infrastructure and includes a significant amount of work from American developers.


I’ve never used the AIO image. I’ve heard it’s weird. This is my compose file for the community image:
```yaml
# Named volume for the MariaDB data directory
volumes:
  db:

services:
  db:
    image: mariadb:10.6
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    secrets:
      - mysql_root_password
      - mysql_nextcloud_password
    environment:
      # Passwords are read from the mounted secret files, not from plain environment values
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
      - MYSQL_PASSWORD_FILE=/run/secrets/mysql_nextcloud_password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  nextcloud:
    image: nextcloud
    restart: always
    ports:
      # Plain HTTP on host port 8080
      - 8080:80
    depends_on:
      - db
    links:
      - db
    volumes:
      - /var/www/html:/var/www/html
      - /srv/data:/srv/data
    secrets:
      - mysql_nextcloud_password
    environment:
      - MYSQL_PASSWORD_FILE=/run/secrets/mysql_nextcloud_password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db

# Secret files live next to the compose file and are mounted under /run/secrets
secrets:
  mysql_root_password:
    file: ./secrets/mysql_root_password.txt
  mysql_nextcloud_password:
    file: ./secrets/mysql_nextcloud_password.txt
```
You can access it on port 8080 and perform the initial setup manually. For the database server address, use the db hostname. You’ll have to use a reverse proxy for HTTPS.
You could also try OpenCloud, which is a Go rewrite of ownCloud.


You’d be a perfect fit as a military analyst. Those people make noncredibledefense look positively proficient.


What if you try reaching it through your public IP?